Class 8 Introduction to Anonymity CIS 755: Advanced Computer Security Spring 2015 Eugene Vasserman


Administrative stuff Monday office hours moved to 2:30 – Will be 2:30 – 4 How was your break? Quiz graded – Discussion

Outline Anonymity concepts and background The Dining Cryptographers problem Anonymous – Chaum mixes – Mixminion Anonymous web browsing – Tor Problems with Tor

Anonymity Concepts Privacy – Confidentiality Anonymity/Pseudonymity – Unobservability – Unlinkability

Properties of eCash Unforgeability Non-reusability Anonymity – Untraceability – Unlinkability

Dining Cryptographers
Three people toss coins: heads=1, tails=0
Menus hide right-hand coin
XOR your coin flip result and left neighbor’s result
Report value to everyone
Report opposite value to send a single bit
If the sum is odd, someone sent a message
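The round described on this slide, as an added Python example (not part of the original slides; all function names are illustrative assumptions). Beyond the single round, it enumerates every coin outcome to show that the public announcements are identically distributed whichever diner sends, also from the view of a participating diner, and that two simultaneous senders cancel each other out.

```python
from collections import Counter
from itertools import product
import secrets

def announce(coins, senders=()):
    """Public announcements for one round.

    coins[i] is diner i's toss (heads=1, tails=0). Diner i sees its own coin
    and its left neighbour's coin, coins[i-1], and reports their XOR.
    A diner listed in `senders` reports the opposite value.
    """
    n = len(coins)
    return tuple(coins[i] ^ coins[(i - 1) % n] ^ int(i in senders)
                 for i in range(n))

def message_sent(announcements):
    """Every coin enters exactly two reports, so an odd sum means a flipped report."""
    return sum(announcements) % 2 == 1

def observer_view(sender, n=3):
    """What an outsider sees: announcement vectors over all equally likely tosses."""
    return Counter(announce(c, (sender,)) for c in product((0, 1), repeat=n))

def insider_view(observer, sender, n=3):
    """What a non-sending diner sees, grouped by the two coins it knows
    (its own and its left neighbour's), over the coins it cannot see."""
    views = {}
    for coins in product((0, 1), repeat=n):
        known = (coins[observer], coins[(observer - 1) % n])
        views.setdefault(known, Counter())[announce(coins, (sender,))] += 1
    return views

def random_round(n=3, senders=()):
    """One round with fresh, unpredictable coins."""
    coins = [secrets.randbelow(2) for _ in range(n)]
    return announce(coins, senders)

if __name__ == "__main__":
    print("no sender  :", message_sent(random_round()))
    print("diner 1    :", message_sent(random_round(senders=(1,))))
    # Failure mode: two senders in the same round cancel (sum is even again).
    print("diners 0+1 :", message_sent(random_round(senders=(0, 1))))
    # The same announcements occur equally often for every possible sender.
    print("outsider   :", observer_view(0) == observer_view(1) == observer_view(2))
    print("diner 2    :", insider_view(2, 0) == insider_view(2, 1))
```

The collision case also shows why a single misreported bit is indistinguishable from a message or a cancelled one, which is the tamper-detection problem the next slide raises.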

Dining Cryptographers II Slow Error-prone Needs tamper detection Does not scale Provides unobservability

Unobservability k-anonymity (scalable dining cryptographers) – Must be implemented very carefully Link padding – Inefficient – Cover traffic knowledge

Unlinkability Sender  X  Receiver (Sender can’t identify receiver) Sender  X  Receiver (Receiver can’t identify sender) Sender  X  Receiver (Neither knows who the other is) – How do we handle authentication? Unobservability implies unlinkability (?)

For Bob from Alice For Carol from Alice For David from Alice Onion Encryption

Source routing with capabilities B, data S3 S2 S1 B S3 S2 S1 A

Message for Bob Wrapping for Carol Wrapping for Doug Onion Encryption II Bob Alice Wrapping for Edward Edward Doug Carol

Chaum Mixes Bob Alice Output in lexicographic order

Global Adversary Bob Alice

Chaum Mix Cascade Bob Alice

Anonymous Reply Address for replies: Reply: Mix0 decrypts N,A; sends: Mix decrypting reply does not know destination Mix encrypting reply does not know source

Mixminion AB C D E Bob A,B,C,D,E Alice Bob

Problems with Mixminion Centralized entities required – Availability failure – Anonymity failure (how?) Malicious nodes: – Control entry and exit – Unlikely

Anonymous High-latency Low-throughput Provides unlinkability – Have to be careful about authentication No default end-to-end confidentiality (PGP) – Actually, there is for replies Secure against global adversary

Anonymous Web Browsing Low-latency Medium-throughput Server does not know client Provides sender unlinkability – Have to be careful about authentication No default end-to-end confidentiality (SSL) NOT secure against global adversary

Tor ABC TCP over TCP (UGH!)

Anonymous Web Services Web service does not know client Client does not know web service Provides sender and receiver unlinkability Rendezvous

Tor Hidden Services ABCDEF

Outline Anonymity refresher Tor anonymous web browsing Attacks – Anonymity – Latency-based – Malicious nodes

Problems with Tor Global adversary – What are the possible attacks? – Long term intersection – Defined as NOT HANDLED by Tor – Functional vs. actual? Packet counting Packet sampling

Problems with Tor “Centralized” entities required – Availability failure – Anonymity failure (how?) Malicious nodes: – Control entry and exit Hopefully unlikely – entry guards Preferential attraction of clients – Eureka! We can lie!

Problems with Tor II Information leakage from software – Web browser language – System time – How else? Malicious attacks on software – How?

Problems with Tor III Information leakage from design: – Latency (Hopper et al.) Unlinkability failure: – Latency (Hopper et al.) See a pattern? Prevention?

Global Adversary Bob Alice Mix server

Entire Tor network

Global Adversary vs. Tor Bob Alice Entire Tor network

Problems with Tor Preferential attraction of clients – Eureka! We can lie! Information leakage from software Information leakage and linkability failure from latency (Hopper et al.) Malicious nodes – Control entry and exit Hopefully unlikely – entry guards

Tor Network Positioning Attack ABCM

Tor Linkability Attack ABC

Outline Anonymity refresher Tor anonymous web browsing Attacks – Anonymity – Latency-based – Malicious nodes

Tor Selective DoS Attack ABC

Tor reliability
$R_{DoS} = (1-t)^2 + (tf)^3$
$(1-t)^2$ dominates

A defense – entry guards Useful, but ≤ 3 guards may decrease resilience Other mixes

Questions? Reading discussion